/*
* Allow the application to pass the set of trust anchors
*/
SECStatus
SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *certList)
{
sslSocket *ss = ssl_FindSocket(fd);
CERTDistNames *names = NULL;
if (!certList) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (!ss) {
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetTrustAnchors",
SSL_GETPID(), fd));
return SECFailure;
}
names = CERT_DistNamesFromCertList(certList);
if (names == NULL) {
return SECFailure;
}
ssl_Get1stHandshakeLock(ss);
ssl_GetSSL3HandshakeLock(ss);
if (ss->ssl3.ca_list) {
CERT_FreeDistNames(ss->ssl3.ca_list);
}
ss->ssl3.ca_list = names;
ssl_ReleaseSSL3HandshakeLock(ss);
ssl_Release1stHandshakeLock(ss);
return SECSuccess;
}
static SECStatus serverCAListShutdown(void* appData, void* nssData)
{
PORT_Assert(ssl3_server_ca_list);
if (ssl3_server_ca_list) {
CERT_FreeDistNames(ssl3_server_ca_list);
ssl3_server_ca_list = NULL;
}
setupServerCAListOnce = pristineCallOnce;
return SECSuccess;
}